Permission denied error when deploying with Docker on Kubernetes #1075

@abdulmalik-alzeer

Octane Version

2.13

Laravel Version

12.35.1

PHP Version

8.3.13

What server type are you using?

FrankenPHP

Server Version

1.2.5

Database Driver & Version

MySQL 8.0.35-commercial

Description

After upgrading from Laravel Octane v2.10.0 to v2.13.0, pods fail to start in Kubernetes, resulting in nginx 502 errors. The Docker image builds successfully and the GitLab CI/CD pipeline completes without errors. However, when ArgoCD deploys to the Kubernetes cluster, the pod crashes during the health check phase.

The error occurs when the octane:status command (run as part of the Docker HEALTHCHECK) triggers FrankenPHP dependency checks, which attempt to rename the FrankenPHP binary without sufficient permissions.

This issue did not occur with v2.10.0 under the same deployment configuration. Rolling back to v2.10.0 immediately resolves the issue and pods start successfully.

Steps To Reproduce

  1. Create a Dockerfile with the following relevant sections:

    • Create octane user with UID/GID 1000
    • Switch to octane user: USER octane
    • Run: RUN php artisan octane:install --no-interaction
    • Add healthcheck: HEALTHCHECK CMD ["php", "artisan", "octane:status"]
  2. Upgrade Laravel Octane from v2.10.0 to v2.13.0 in composer.json

  3. Build Docker image (build completes successfully with no errors)

  4. Push image through GitLab CI/CD pipeline (pipeline passes)

  5. Deploy to Kubernetes cluster via ArgoCD

  6. Observe pod failure during startup:

    • Pod fails health check
    • nginx returns 502 error
    • Container logs show: rename(/usr/local/bin/frankenphp,/usr/local/bin/frankenphp.backup): Permission denied
    • Error originates from InstallsFrankenPhpDependencies.php:173

Root Cause: The octane:status command appears to trigger dependency checks that attempt to rename /usr/local/bin/frankenphp, but the octane user (non-root) lacks write permissions to /usr/local/bin/.

Note: The octane:install command during Docker build (step 1) completes successfully. The error only occurs when octane:status runs during the pod's health check phase.
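
Added example (not Octane's code and not part of the report): rename(2) is decided by the mode bits of the directory holding the file, not by the file's own mode, which is why a non-root user cannot rename a binary in a directory it cannot write to. `can_rename` and `demo` are hypothetical names, and the temporary directory is a constructed stand-in for /usr/local/bin; only classic mode bits are evaluated. The 0o755 case matches the situation the report describes.

```python
import os
import stat
import tempfile


def can_rename(path, uid, gids=()):
    """Could `uid` rename(2) `path` within its directory? Returns (ok, reason).

    Classic mode bits only: ACLs, capabilities, read-only mounts and LSM
    policy are not evaluated.
    """
    parent = os.path.dirname(os.path.abspath(path))
    d, f = os.stat(parent), os.lstat(path)
    if uid == 0:
        return True, "root bypasses mode bits"
    # rename() edits the directory entry, so the directory's bits decide.
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if (d.st_mode & need) != need:
        return False, "no write+search permission on " + parent
    # Sticky directories additionally require owning the file or the directory.
    if (d.st_mode & stat.S_ISVTX) and uid not in (d.st_uid, f.st_uid):
        return False, "sticky bit set and uid owns neither file nor directory"
    return True, "directory entry is writable"


def demo():
    """Constructed layout standing in for /usr/local/bin and the binary."""
    results = {}
    with tempfile.TemporaryDirectory() as bindir:
        binary = os.path.join(bindir, "frankenphp")
        open(binary, "w").close()
        os.chmod(binary, 0o777)  # the file's own mode does not affect rename
        other = os.stat(bindir).st_uid + 1  # a non-owner, non-root uid
        for mode in (0o755, 0o777, 0o1777):
            os.chmod(bindir, mode)
            results[oct(mode)] = can_rename(binary, other)[0]
        os.chmod(bindir, 0o755)  # restore so cleanup succeeds
    return results


if __name__ == "__main__":
    print(demo())
```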
